North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
December 3, 2025
Fintech company Marquis is notifying dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year. Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack. Texas-based Marquis is a marketing and compliance ...
- Attackers have a new way to slip past your MFA
December 3, 2025
Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token. Researchers are warning about a rise in cases where this method is used against educational institutions. Evilginx is an attacker-in-the-middle phishing toolkit that sits between you and the real website, relaying the genuine sign-in ...
- A data breach at analytics giant Mixpanel leaves a lot of open questions
December 2, 2025
A cybersecurity incident at analytics provider Mixpanel announced just hours before the U.S. Thanksgiving holiday weekend could set a new standard for how not to announce a data breach. To recap: In a bare bones blog post last Wednesday, Mixpanel chief executive Jen Taylor announced that the company had detected an unspecified security incident on November ...
- Unraveling Water Saci’s New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp
December 2, 2025
Brazil has seen a recent surge of threats delivered via WhatsApp. As observed in Trend Micro previously published research on the SORVEPOTEL malware and the broader Water Saci campaignopen on a new tab, this popular platform has been used to launch sophisticated campaigns. Unsuspecting users receive convincing messages from trusted contacts, often crafted to exploit social ...
- Google patches 107 Android flaws, including two being actively exploited
December 2, 2025
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn’t always mean the patches ...
- NHS Highland staff ‘poor practice’ sparks fears of heightened risk of a major cyber attack
December 1, 2025
NHS Highland is at heightened risk of falling prey to a major cyber attack in part due to “poor practice” by some staff members. The warning, contained in a report to the board assessing risk levels faced in a range of areas against what is deemed an acceptable level of risk, comes as the busy ...